State Privacy Laws CCPA CPRA

The California Consumer Privacy Act (CCPA), passed in 2018 and effective January 2020, was the first comprehensive state-level privacy law in the U.S., granting California residents broad rights over their personal information. It requires businesses to provide transparency about data collection, use, and sharing, while giving consumers rights to access, delete, and opt out of the sale of their personal data.The California Privacy Rights Act (CPRA), adopted in 2020 and effective January 2023, amended and expanded the CCPA by introducing new rights, stricter obligations, and the creation of the California Privacy Protection Agency (CPPA) for dedicated enforcement. Together, these laws impact a wide range of industries, including technology companies, e-commerce, financial services, advertising/marketing firms, healthcare providers (when handling non-HIPAA data), and data brokers, setting a model that other U.S. states are following with similar privacy laws. Organizations must implement comprehensive data residency frameworks to ensure compliance with consumer rights requests, data processing transparency requirements, and secure handling of personal information across all business operations.